<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=ISO-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.19190"></HEAD>
<BODY bgColor=#ffffff text=#000000>
<DIV><FONT face=Arial>OK Bob,</FONT></DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial>Just installed Shorewall. Set up some basic
rules. Disabled iptables and started Shorewall. In Webmin,
Shorewall has a nicer web interface than iptables.</FONT></DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial>Later in the evening after work, I will try to set
it up so that Linux can communicate with JNOS over the tun device.</FONT></DIV>
<DIV><FONT face=Arial></FONT> </DIV>
<DIV><FONT face=Arial>Thanks,</FONT></DIV>
<DIV><FONT face=Arial>Jose / HP2AT</FONT></DIV>
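<DIV><FONT face=Arial>Editor's added example (not code from any message in this thread, and not output of Shorewall or Webmin): the three-chain layout Michael describes further down, a default policy of DROP on INPUT, FORWARD and OUTPUT followed by explicit allows for the tun0 link, written as a plain shell script. The interface names tun0 and eth0, the 44.0.0.0/8 source range for inbound telnet to JNOS, the DRY_RUN switch and the helper names are assumptions made for this example.</FONT></DIV>

```shell
#!/bin/sh
# Added example, not from the thread: minimal iptables policy for a Linux
# host that reaches JNOS over tun0. Default DROP on every chain, then only
# the traffic we name is allowed. Assumptions (constructed, not from the
# thread): tun0 is the JNOS link, eth0 is the internet side, and 44.0.0.0/8
# is the only source range allowed to telnet in to JNOS.
# DRY_RUN=1 (the default) prints the commands instead of running them, so
# this is safe to run anywhere; set DRY_RUN=0 and run as root to apply.
# Note: forwarding also needs net.ipv4.ip_forward=1 (sysctl), not set here.

IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"
TUN_IF="${TUN_IF:-tun0}"
INET_IF="${INET_IF:-eth0}"
HAM_NET="${HAM_NET:-44.0.0.0/8}"

# ipt: print the command in dry-run mode, otherwise execute it.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

build_rules() {
    # Start clean and fail closed: nothing passes unless a rule below allows it.
    ipt -F
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT DROP

    # Loopback, plus replies to connections that were already allowed.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # INPUT: traffic for Linux itself arriving on tun0 (JNOS talking to Linux).
    ipt -A INPUT -i "$TUN_IF" -p tcp --dport 23 -j ACCEPT
    ipt -A INPUT -i "$TUN_IF" -p icmp -j ACCEPT

    # OUTPUT: what Linux may originate toward JNOS and toward the internet.
    ipt -A OUTPUT -o "$TUN_IF" -j ACCEPT
    ipt -A OUTPUT -o "$INET_IF" -j ACCEPT

    # FORWARD is written one direction at a time.
    # JNOS may ping out through Linux to the internet ...
    ipt -A FORWARD -i "$TUN_IF" -o "$INET_IF" -p icmp --icmp-type echo-request -j ACCEPT
    # ... but new telnet sessions toward JNOS are accepted only from 44.x sources.
    ipt -A FORWARD -i "$INET_IF" -o "$TUN_IF" -s "$HAM_NET" -p tcp --dport 23 -m conntrack --ctstate NEW -j ACCEPT
}

# count_rules CHAIN: number of -A rules build_rules emits for CHAIN (dry run),
# a quick self-check that each chain got the allows you intended.
count_rules() {
    ( DRY_RUN=1; build_rules ) | grep -c " -A $1 "
}

build_rules
```

<DIV><FONT face=Arial>Run it as-is to see the rule list; every echoed line is a complete iptables command, so you can compare it against what Webmin or Shorewall generates. Because INPUT and FORWARD are separate, a telnet rule on INPUT lets JNOS reach Linux but says nothing about internet hosts reaching JNOS; that needs its own FORWARD rule, which is where the source-address restriction belongs.</FONT></DIV>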
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt arial; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=bobtenty@gmail.com href="mailto:bobtenty@gmail.com">Bob Tenty</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=nos-bbs@tapr.org
href="mailto:nos-bbs@tapr.org">TAPR xNOS Mailing List</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Saturday, March 03, 2012 1:48
AM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [nos-bbs] IPTABLES for TUN
device</DIV>
<DIV><BR></DIV>Jose,<BR><BR>You will do yourself very much a favour by
installing "shorewall" in Ubuntu.<BR><BR>Bob VE3TOK<BR><BR>On 12-03-02 11:59
PM, Jose Ng Lee wrote:
<BLOCKQUOTE cite=mid:C9609DE7A5AD40889CBDE05C43762BF6@ngj type="cite">
<DIV><FONT face=Arial>Hi Michael,</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>Thanks for the reply, good explanation of iptables and
the references. You're right, the iptables subject is too broad.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>My goal for now is to have Linux talk to JNOS
through the tun device and vice versa. Before, I was using the Firestarter
graphical interface to set up the firewall. With Firestarter disabled I
was able to communicate from Linux to JNOS. With Firestarter on I was not
able to, and I just couldn't set up the rules.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>So, I uninstalled Firestarter. The default
iptables firewall is on now, but I couldn't get Linux to communicate with
JNOS. For an easier way to set up iptables, I use Webmin through the
web browser to modify the rules. It got me confused how to set up the
rules; I tried declaring the IP but it doesn't work. Later, I tried
declaring in the Incoming and Outgoing packets to Accept the packets from
the tun0 interface, and now it is working. The tun0 interface is only up
when JNOS is executing, so I have to declare "other interface" and write the name
tun0.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>My next step is to set up iptables to allow telnet
from the internet to JNOS. I tried and couldn't telnet to my JNOS from
the internet.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial>Thanks,</FONT></DIV>
<DIV><FONT face=Arial>Jose / HP2AT</FONT></DIV>
<BLOCKQUOTE
style="BORDER-LEFT: #000000 2px solid; PADDING-LEFT: 5px; PADDING-RIGHT: 0px; MARGIN-LEFT: 5px; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="FONT: 10pt arial; BACKGROUND: #e4e4e4; font-color: black"><B>From:</B>
<A title=n6mef@mefox.org href="mailto:n6mef@mefox.org"
moz-do-not-send="true">Michael Fox - N6MEF</A> </DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=nos-bbs@tapr.org
href="mailto:nos-bbs@tapr.org" moz-do-not-send="true">'TAPR xNOS Mailing
List'</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, March 02, 2012 10:57
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [nos-bbs] IPTABLES for
TUN device</DIV>
<DIV><BR></DIV>
<DIV class=WordSection1>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">Jose,</SPAN></P>
<P class=MsoNormal> </P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">It
looks like no one has responded to you yet. That may be because you
asked a rather broad question. You’ll need to be much more specific
about iptables.</SPAN></P>
<P class=MsoNormal> </P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">IPtables
is for filtering (among other things). For the best security, you
want to set a default policy of drop and then specify the specific traffic
that you want to allow. So you need to define those traffic types
first, then translate to iptables rules. If you define what you
want, and take a stab at writing the rules, there are probably several of
us here who would be happy to help you refine them.</SPAN></P>
<P class=MsoNormal> </P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">If
you’re new to iptables, here’s some background info to get you
started:</SPAN></P>
<P class=MsoNormal> </P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">Iptables
has 3 principal filtering tables: input, forward, output.
Input is what traffic you want linux to accept coming in on that
interface. In other words, this is traffic destined for linux that
comes in on the tun0 interface. Forward is for traffic you want
linux to allow to pass through from one interface to another. This
can be two way on the tun0 device. For example, you may want to
allow certain ICMP traffic to go out from JNOS, through Linux, to the
internet, but not allow incoming traffic of that type from the internet to
reach JNOS. So you need to define what traffic you want to allow
linux to forward from other interfaces TO tun0 and what traffic
you want linux to forward FROM tun0 to other interfaces. Output is
for what traffic you want linux to be able to originate on that
interface.</SPAN></P>
<P class=MsoNormal> </P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">To
specify the traffic types, you’ll need to define if they’re IP, TCP, ICMP,
etc., which ports (like TCP port 23 for default telnet, etc.), and
possibly which source and/or destination addresses to allow to send that
traffic. For example, you may want to allow linux to forward telnet
to JNOS as long as it is from a 44.x address, but not from other
addresses.</SPAN></P>
<P class=MsoNormal> </P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">Once
you have figured out what traffic you want to allow, here are three good
references to help write the rules:</SPAN></P>
<P class=MsoNormal> </P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><A
href="https://help.ubuntu.com/community/IptablesHowTo">https://help.ubuntu.com/community/IptablesHowTo</A></SPAN></P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt"><A
href="http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html">http://www.frozentux.net/iptables-tutorial/iptables-tutorial.html</A>
(this is how I learned – it has some good templates)</SPAN></P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">O’Reilly
iptables pocket reference: <A
href="http://www.amazon.com/Linux-iptables-Pocket-Reference-Gregor/dp/0596005695/ref=sr_1_sc_1?ie=UTF8&qid=1330745373&sr=8-1-spell">http://www.amazon.com/Linux-iptables-Pocket-Reference-Gregor/dp/0596005695/ref=sr_1_sc_1?ie=UTF8&qid=1330745373&sr=8-1-spell</A></SPAN></P>
<P class=MsoNormal> </P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">Michael</SPAN></P>
<P class=MsoNormal><SPAN style="FONT-FAMILY: 'Calibri','sans-serif'; COLOR: #1f497d; FONT-SIZE: 11pt">N6MEF</SPAN></P>
<P class=MsoNormal> </P>
<DIV>
<DIV
style="BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt">
<P style="MARGIN-LEFT: 0.5in" class=MsoNormal><B><SPAN
style="FONT-FAMILY: 'Tahoma','sans-serif'; COLOR: windowtext; FONT-SIZE: 10pt">From:</SPAN></B><SPAN
style="FONT-FAMILY: 'Tahoma','sans-serif'; COLOR: windowtext; FONT-SIZE: 10pt">
<A class=moz-txt-link-abbreviated
href="mailto:nos-bbs-bounces@tapr.org">nos-bbs-bounces@tapr.org</A> [<A
class=moz-txt-link-freetext
href="mailto:nos-bbs-bounces@tapr.org">mailto:nos-bbs-bounces@tapr.org</A>]
<B>On Behalf Of </B>Jose Ng Lee<BR><B>Sent:</B> Friday, March 02, 2012
11:20 AM<BR><B>To:</B> TAPR xNOS Mailing List<BR><B>Subject:</B> [nos-bbs]
IPTABLES for TUN device</SPAN></P></DIV></DIV>
<P style="MARGIN-LEFT: 0.5in" class=MsoNormal> </P>
<DIV>
<P style="MARGIN-LEFT: 0.5in" class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'">Hi,</SPAN></P></DIV>
<DIV>
<P style="MARGIN-LEFT: 0.5in" class=MsoNormal> </P></DIV>
<DIV>
<P style="MARGIN-LEFT: 0.5in" class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'">Can anyone help me with a sample
IPTABLES configuration that works with a TUN
device?</SPAN></P></DIV>
<DIV>
<P style="MARGIN-LEFT: 0.5in" class=MsoNormal> </P></DIV>
<DIV>
<P style="MARGIN-LEFT: 0.5in" class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'">Thanks,</SPAN></P></DIV>
<DIV>
<P style="MARGIN-LEFT: 0.5in" class=MsoNormal><SPAN
style="FONT-FAMILY: 'Arial','sans-serif'">Jose /
HP2AT</SPAN></P></DIV></DIV>
<P></P>
<HR>
_______________________________________________<BR>nos-bbs mailing
list<BR><A class=moz-txt-link-abbreviated
href="mailto:nos-bbs@tapr.org">nos-bbs@tapr.org</A><BR><A
class=moz-txt-link-freetext
href="https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs">https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs</A><BR></BLOCKQUOTE><BR>
</BLOCKQUOTE><BR>
</BLOCKQUOTE></BODY></HTML>